In news that will come as a huge surprise to most people, a group of scientists have managed to hack e-mail decryption keys simply by using the sound emitted by the computer. As you already know, most computers emit a high-pitched noise when they are working, largely due vibration of their hardware components. The noise follows a specific pattern which, according to the scientists, can reveal sensitive information.
In their experiment, the group managed to acquire a full 4096-bit RSA decryption key within an hour. They applied their attack in GnuPG’s infrastructure but have since worked with the developers to release a new update that fixes the vulnerability issue. However, they warn that there are a lot of other applications that are vulnerable to such attacks.
Perhaps the most amazing thing about the experiment is the equipment they used to perform it. Although they also conducted it using high-tech equipment, they were able to recreate it using a regular smartphone that was placed within 4 meters of a laptop. If you think that is too obvious, a hidden microphone can also be used in the same way.
The scientists have also demonstrated a number of ways that this method can be exploited. Potential hackers and attackers can, for example, install malware on the mobile phone of the laptop user and he will eventually place his phone somewhere close to the laptop. They can then activate the phone’s microphone and gather the sensitive information. Moreover, if a user allows a website to use their microphone, they can retrieve the noise data easily and remotely.
Their paper provides very detailed information about the whole process, the equipment you can use, the potential threats and the vulnerability of various systems as well as proposed protective methods. The questions and answers part is also a very informative read as it conveys the scope of the project in a few simple lines.